June

For a better user experience, please use the latest version of Internet Explorer or switch to another browser.

HUAWEI is releasing monthly security updates for flagship models. This security update includes Android and HUAWEI patches:

This security update includes the CVE announced in the June 2021 Android security bulletin.

Critical:CVE-2021-0516,CVE-2021-0507

High:CVE-2020-11292,CVE-2021-0504,CVE-2021-0508,CVE-2021-0509,CVE-2021-0510,CVE-2021-0511,CVE-2021-0506,CVE-2021-0517,CVE-2021-0520,CVE-2021-0521,CVE-2021-0522,CVE-2021-0523,CVE-2021-0505

Medium:none

Low: none

Already included in previous updates:CVE-2020-0009,CVE-2018-11985,CVE-2020-0478,CVE-2020-0473,CVE-2020-27054,CVE-2020-27046,CVE-2020-0298,CVE-2020-0299,CVE-2021-0446,CVE-2021-0487,CVE-2021-1906,CVE-2021-1905,CVE-2021-28663,CVE-2021-28664,CVE-2021-0493,CVE-2021-0494,CVE-2021-0495,CVE-2021-0496,CVE-2021-0497,CVE-2021-0498,CVE-2021-0491,CVE-2021-0490,CVE-2021-0489,CVE-2021-0492,CVE-2019-9358,CVE-2020-0359,CVE-2020-27059

※For more information on security patches, please refer to the Android security bulletins (https://source.android.com/security/bulletin).

This security update includes the following HUAWEI patches:

CVE-2021-22388: Out-of-bounds array access in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause certain codes to be executed.

CVE-2020-24587: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-22445: Improper verification vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause the system to reset.

CVE-2021-22444: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause code injection.

CVE-2021-22443: Improper verification vulnerability in some HUAWEI devices

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause random address access.

CVE-2021-22442: Improper verification of the integrity check result in some HUAWEI devices

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause the system to reset.

CVE-2021-22438: Memory address out of bounds vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.

CVE-2021-22435: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service integrity and availability.

CVE-2021-22434: Memory address out of bounds vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.

Acknowledgment: Lorant Szabo, TASZK Security Labs

CVE-2021-22433: Memory address out of bounds vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.

Acknowledgment: Daniel Komaromy and Lorant Szabo, TASZK Security Labs

CVE-2021-22432: Vulnerability when configuring permission isolation in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

Acknowledgment: Lorant Szabo, TASZK Security Labs

CVE-2021-22431: Vulnerability when configuring permission isolation in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause out-of-bounds access.

Acknowledgment: Daniel Komaromy and Gyorgy Miru, TASZK Security Labs

CVE-2021-22430: Logic bypass vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause code injection.

Acknowledgment: Lorant Szabo, TASZK Security Labs

CVE-2021-22429: Memory address out of bounds vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.

Acknowledgment: Daniel Komaromy and Lorant Szabo, TASZK Security Labs

CVE-2021-22428: Race condition vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE-2021-22427: Race condition vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE-2021-22426: Memory address out of bounds vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause malicious code to be executed.

Acknowledgment: Daniel Komaromy and Lorant Szabo, TASZK Security Labs

CVE-2021-22415: DoS vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause kernel exceptions with the code.

CVE-2021-22414: Stack overflow vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.0.0, EMUI 8.2, EMUI 8.0

Impact: Successful exploitation of this vulnerability may cause the system to reset.

CVE-2021-22413: Out-of-bounds memory write vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 10.0.0, EMUI 9.1.0, Magic UI 3.0.0, EMUI 8.2, EMUI 8.0

Impact: Successful exploitation of this vulnerability may cause the system to reset.

CVE-2021-22412: Out-of-bounds address access in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause random kernel address access.

CVE-2021-22392: Improper verification vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause verification bypass and directions to abnormal addresses.

Acknowledgment: Daniel Komaromy and Gyorgy Miru, TASZK Security Labs

CVE-2021-22391: Stack overflow vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause the system to reset.

CVE-2021-22390: UAF vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause certain codes to be executed.

CVE-2021-22389: Kernel address rewrite vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause certain codes to be executed.

CVE-2021-22446: Improper verification vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause the system to reset.

CVE-2021-22387: Deserialization vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may allow attempts to remotely execute commands.

CVE-2021-22386: Race condition vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE-2021-22385: NFC-based connection authentication vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0

Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE-2021-22384: Race condition vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE-2021-22381: Bluetooth protocol stack vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may cause an infinite loop in DoS.

CVE-2021-22380: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0

Impact: Successful exploitation of this vulnerability may affect service integrity.

Acknowledgment: Mathy Vanhoef, New York University Abu Dhabi

CVE-2021-22379: Integer overflow vulnerability in some HUAWEI phones

Severity: Low

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause DoS of Samgr.

CVE-2021-22376: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.1, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity.

CVE-2021-22375: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 10.1.1, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality, availability and integrity.

CVE-2021-22370: Improper verification vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2021-22367: Logic bypass vulnerability in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, Magic UI 4.0.0, Magic UI 3.1.1

Impact: Successful exploitation of this vulnerability may lead to authentication bypass.

CVE-2021-22319: Improper verification vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, Magic UI 4.0.0

Impact: Successful exploitation of this vulnerability may cause integer overflows.

CVE-2020-26558: Connection key leakage vulnerability due to the weaknesses found in the Bluetooth protocol in some HUAWEI phones/earphones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2020-26555: Connection key leakage vulnerability due to the weaknesses found in the Bluetooth protocol in some HUAWEI phones/earphones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CVE-2020-26147: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26146: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26145: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26144: Packet injection vulnerability due to the weaknesses found in the code in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26143: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26142: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26141: Vulnerability of abusing frames of the Wi-Fi protocol for attacks in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26140: Packet injection vulnerability due to the weaknesses found in the code in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-26139: Vulnerability of forwarding unverified packets in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2020-24588: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

CVE-2021-22447: Improper verification vulnerability in some HUAWEI phones

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause the system to reset.

CVE-2021-22448: Improper verification vulnerability in some HUAWEI devices

Severity: Medium

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.1, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may cause unauthorized read and write of some files.

CVE-2020-24586: Packet injection vulnerability due to the weaknesses found in the Wi-Fi protocol in some HUAWEI phones

Severity: High

Affected versions: EMUI 11.0.0, EMUI 10.1.1, EMUI 10.1.0, EMUI 10.0.0, EMUI 9.1.0, Magic UI 4.0.0, Magic UI 3.1.1, Magic UI 3.1.0, Magic UI 3.0.0, Magic UI 2.1.1

Impact: Successful exploitation of this vulnerability may affect service integrity.

Leaving consumer.huawei.com
After clicking the link, you will enter a third-party website. Huawei is not responsible and has no control over this third party website.
Return Continue